CTO Security Report

We have a lot of news on the mobile front this week; This is unsurprising given that the mobile sector is expanding so fast that some have taken to calling today the “Post-PC Era”.  We all know very well that it’s not over yet, but it’s exciting to see such prolific changes in our day-to-day operations and see the mobile platform take shape as it heads rapidly towards maturity.  This isn’t without bumps in the road — this week the FCC announced initiatives to curb phone theft through the use of a deactivation database while a malicious application posing as “Angry Birds Space” tore through gullible users on the Android App Store.

Boeing Secure Android Phones

Boeing is seeking to provide customers with a low-cost, high-security phones with familiar consumer interfaces.  To facilitate this, they’ve chosen to develop a secure version of the android operating system for secure communications.  While the operating system will be consumer-based, the prices will be oriented towards corporations and government.  This is Boeings first foray into the mobile communications solutions market.
With the recent instability of RIM, it may turn out to be a smart move for Boeing (and other companies) to begin fielding mobile solutions for Federal and Private space when/if the mobile solutions provider collapses.

Read More: http://www.theregister.co.uk/2012/04/12/boeing_secure_smartphone/

FCC ‘Protect’ Initiative

The FCC Protect initiavtive is a program designed by the FCC to curtail the theft and sale of stolen phones by making the phones inoperable via the service provider.  Phone details including the MEID and other unique network identifiers which allow the devices to communicate on mobile networks are placed into an industry blacklist.  Mobile phones attempting to be activated onto a carrier network would first be checked against this list to ensure that the phone is not stolen before allowing the device on the network.
Recently AT+T has come under legal fire for allowing stolen iPhones to remain active and allowing them to re-activate on their networks.  Initiatives such as this will prevent further legal actions and hopefully dry up the motivation to steal mobile phones.

Read More: http://www.v3.co.uk/v3-uk/news/2166919/fcc-takes-plan-track-stolen-phones

Angry Birds Trojan

If you needed any more evidence that off-brand Android application stores are rife with malware, this is it — a malicious application posing as “Angry Birds Space” was discovered on a third-party app store this week.  What makes this interesting is that the trojan made an attempt to hide it’s payload inside of a JPEG file which contained two linux executable files.  These files, when detached and ran by the trojan, prompted the phone to open specific URL’s, essentially rolling it into a “Botnet” according to Sophos Security.  This is another in a long line of Android exploits, but with the always-on capabilities of Android phones combined with poor virus detection services, expect to see more advanced malware proliferate.

Read More: http://nakedsecurity.sophos.com/2012/04/12/android-malware-angry-birds-space-game/?utm_source=twitter&utm_medium=gcluley&utm_campaign=naked%2Bsecurity

HP Ships Infected Product

HP ProCurve 5400zl switches may come with infected flash memory cards, which, when used in a computer, will load an infection onto the users machine.  While the memory cards were likely infected from a third-party-supplier, this type of malicious activity is far from unheard of — Dell,

for one was infected in a similar manner, and several years ago Energizer released a USB charger with preloaded malware as well.  Many security professionals have also heard stories of infectious USB keys being passed to officials at conferences or other trade and industry gatherings.

Read More: http://www.theregister.co.uk/2012/04/11/hp_ships_malware_cards_with_switches_oops/

Remote Samba Exploit Affects All Current Versions

A critical exploit in Samba (a service which provides file and print services to Unix, Linux, and Windows operating systems) affects all recent versions of the Samba software.  The remote exploit does not require authentication, which makes it extremely dangerous, and affects versions of the software from 3.0.x up to and including 3.6.3.  Due to the ease with which the exploit can be successfully launched, those behind the open-source product recommend immediately upgrading to the most recent version of Samba.

Official Announcement Here: http://www.samba.org/samba/security/CVE-2012-1182

Sign up for your free CTOvision Pro trial today for unique insights, exclusive content and special reporting.

CTOvision Pro Special Technology Assessments

We produce special technology reviews continuously updated for CTOvision Pro members. Categories we cover include:

  • Analytical Tools - With a special focus on technologies that can make dramatic positive improvements for enterprise analysts.
  • Big Data - We cover the technologies that help organizations deal with massive quantities of data.
  • Cloud Computing - We curate information on the technologies enabling enterprise use of the cloud.
  • Communications - Advances in communications are revolutionizing how data gets moved.
  • GreenIT - A great and virtuous reason to modernize!
  • Infrastructure  - Modernizing Infrastructure can have dramatic benefits on functionality while reducing operating costs.
  • Mobile - This revolution is empowering the workforce in ways few of us ever dreamed of.
  • Security  -  There are real needs for enhancements to security systems.
  • Visualization  - Connecting computers with humans.
  • Hot Technologies - Firms we believe warrant special attention.

 

Recent Research

USN Quarterly Industry Day at Charleston: What you need to know to compete

Request Your Invite to the 20 May 2014 Andreessen Horowitz Fed Forum in DC

Amazon Hopeful that Fire TV will Spread

What The Enterprise IT Professional Needs To Know About Git and GitHub

3D Printing… At Home?

Tech Firms Seeking To Serve Federal Missions: Here is how to follow the money

Creating The New Cyber Warrior: Eight South Carolina Universities Compete

Mobile Gamers: Fun-Seeking but Fickle

Update from DIA CTO, CIO and Chief Engineer on ICITE and Enterprise Apps

Pew Report: Increasing Technology Use among Seniors

Finding The Elusive Data Scientist In The Federal Space

DoD Public And Private Cloud Mandates: And insights from a deployed communications professional on why it matters

solid
About BryanHalfpap

Bryan Halfpap is a software programmer, technology analyst and writer and a driving force behind the security reporting at CTOvision.com He is a frequent speaker at events and conferences including Defcon. You can find him on twitter: @crypt0s